I think it's the relation between upvotes/comments and also maybe many were upvoting from the submission page (which triggers vote ring detection or something, read about that somewhere)
The problem with such lists is that plenty of people will use the same password they used on website 'x' with their gmail account. So don't be surprised if a whole pile of these actually will work with the listed gmail address.
WARNING: This is probably fake and a scam. If you ctrl + f you are giving away your account name to the site which can be done with some simple javascript.
There was a talk about that a while back. And the username can then be used for a bruteforce attack. News companies need to stop being so dumb and reporting on these fake hacks.
Canary is still chewing through the dataset I fed it and figuring out where they all relate (if at all), but so far it seems that some of the data is as old as January 2014. This is likely not from Gmail itself but perhaps a collection of other leaks.
Interestingly I have one hit for my gmail on isleaked.
Looking at that link I see freebiejeebies, which if I check in keepass I created an account for in 2008 with a unique password (as I tended to back then, even for throwaways).
Sure enough the first two characters match that reported by isleaked (Though case doesn't match..)
Having gone through the majority of the other entries in keepass, that is the only password starting with the two reported characters.
So can safely say freebiejeebies was compromised at some point.
Now to work out why I'd have an account on there in the first place ;)
Me too. My password is in the dataset, but it's one I've never used with my Google account. It's my "low-security" password that I use on sites that I don't really care about.
19 comments
[ 3.2 ms ] story [ 58.5 ms ] threadhttp://www.righto.com/2013/11/how-hacker-news-ranking-really...
I think it's the relation between upvotes/comments and also maybe many were upvoting from the submission page (which triggers vote ring detection or something, read about that somewhere)
There was a talk about that a while back. And the username can then be used for a bruteforce attack. News companies need to stop being so dumb and reporting on these fake hacks.
https://canary.pw/view/?item=1bc5b34811b50f3fbce06cb55088372...
https://canary.pw/view/?item=87ecceaf19b0187e901e15c5bc8f8a9...
Canary is still chewing through the dataset I fed it and figuring out where they all relate (if at all), but so far it seems that some of the data is as old as January 2014. This is likely not from Gmail itself but perhaps a collection of other leaks.
A good backgrounder too.
Looking at that link I see freebiejeebies, which if I check in keepass I created an account for in 2008 with a unique password (as I tended to back then, even for throwaways).
Sure enough the first two characters match that reported by isleaked (Though case doesn't match..)
Having gone through the majority of the other entries in keepass, that is the only password starting with the two reported characters.
So can safely say freebiejeebies was compromised at some point.
Now to work out why I'd have an account on there in the first place ;)